312-50V13 · Question #310
312-50V13 Question #310: Real Exam Question with Answer & Explanation
The correct answer is A: DLL Hijacking. An attacker achieved privilege escalation on a compromised server by loading a malicious Dynamic Link Library (DLL) that lacked a fully qualified path in the application directory, indicating a DLL Hijacking attack.
Question
John, a security analyst, is analyzing a server suspected of being compromised. The attacker has used a non admin account and has already gained a foothold on the system. John discovers that a new Dynamic Link Library is loaded in the application directory of the affected server. This DLL does not have a fully qualified path and seems to be malicious. What privilege escalation technique has the attacker likely used to compromise this server?
Options
- ADLL Hijacking
- BNamed Pipe Impersonation
- CSpectre and Meltdown Vulnerabilities
- DExploiting Misconfigured Services
Explanation
An attacker achieved privilege escalation on a compromised server by loading a malicious Dynamic Link Library (DLL) that lacked a fully qualified path in the application directory, indicating a DLL Hijacking attack.
Common mistakes.
- B. Named Pipe Impersonation is a technique where a malicious client impersonates a higher-privileged server process using named pipes, which is distinct from loading a malicious DLL.
- C. Spectre and Meltdown vulnerabilities are hardware-level side-channel attacks on CPU architectures used to bypass memory isolation, not a privilege escalation method involving malicious DLLs.
- D. Exploiting Misconfigured Services involves leveraging weak permissions or improper settings in service configurations to elevate privileges, differing from the DLL loading mechanism described.
Concept tested. Privilege escalation techniques (DLL Hijacking)
Reference. https://learn.microsoft.com/en-us/windows/win32/dlls/dynamic-link-library-security
Topics
Community Discussion
No community discussion yet for this question.